package com.barbeque.mall.config;

import com.barbeque.mall.config.realm.CustomRealm;
import com.barbeque.mall.config.realm.WxRealm;
import org.apache.shiro.spring.security.interceptor.AuthorizationAttributeSourceAdvisor;
import org.apache.shiro.spring.web.ShiroFilterFactoryBean;
import org.apache.shiro.web.mgt.DefaultWebSecurityManager;
import org.apache.shiro.web.session.mgt.DefaultWebSessionManager;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;

import java.util.Arrays;
import java.util.LinkedHashMap;

/**
 * @author why
 * @since 2022/07/19 17:42
 */
@Configuration
public class ShiroConfiguration {
    /**
     * ShiroFilter -->SecurityManager
     */
    @Bean
    public ShiroFilterFactoryBean adminShiroFilter(DefaultWebSecurityManager securityManager) {
        ShiroFilterFactoryBean shiroFilterFactoryBean = new ShiroFilterFactoryBean();
        shiroFilterFactoryBean.setSecurityManager(securityManager);

        /**
         * 提供Filter链，-->配置的内容类似于之前的HandlerInterceptor
         * 1、Filter是谁-->anon,authc、perms
         * 2、Filter的作用范围是什么？-->建立请求URL和Filter之间的映射关系
         * 3、Filter之间的顺序-->书写顺序
         * anon<-authc<-perms
         */
        //LinkedHashMap保证map中的值是有序的
        LinkedHashMap<String, String> filterChainDefinitionMap = new LinkedHashMap<>();
        // /admin/auth/login这个url对应着 anon Filter → 匿名Filter，，key-value
        filterChainDefinitionMap.put("/**/auth/login", "anon");
        filterChainDefinitionMap.put("/admin/auth/info", "anon");
        filterChainDefinitionMap.put("/admin/auth/noAurhc", "anon");

        // admin开头的请求，都要通过认证Filter
        /**
         * 如果访问某个请求的时候，该请求对应的filter是authc,如果没有通过这个filter则说明没有权限
         * shiro会给你重定向->默认的重定向的地址 /login.jsp
         * 如果想要修改重定向的地址，可以使用方法来修改
         */
//        shiroFilterFactoryBean.setLoginUrl("/admin/auth/noAuthc");
        filterChainDefinitionMap.put("/admin/**", "authc");

        // 权限的配置，可以将url和对应的权限建立映射关系
        // 还可以通过注解的方式来建议url和权限之间的映射关系 → Advisor、@RequiresPermission（Handler方法上）
        // url和handler方法对应、权限和Handler方法对应 → url和权限对应
        // filterChainDefinitionMap.put("/admin/admin/list", "perms[admin:admin:list]");

        shiroFilterFactoryBean.setFilterChainDefinitionMap(filterChainDefinitionMap);
        shiroFilterFactoryBean.setLoginUrl("/admin/auth/login");
        return shiroFilterFactoryBean;
    }

    /**
     * WxShiroFilter
     *
     * @param securityManager
     * @return org.apache.shiro.spring.web.ShiroFilterFactoryBean
     * @author Euphonium
     * @since 2022/07/21
     */
    @Bean
    public ShiroFilterFactoryBean wxShiroFilter(DefaultWebSecurityManager securityManager) {
        ShiroFilterFactoryBean shiroFilterFactoryBean = new ShiroFilterFactoryBean();
        shiroFilterFactoryBean.setSecurityManager(securityManager);

        LinkedHashMap<String, String> filterChainDefinitionMap = new LinkedHashMap<>();
        filterChainDefinitionMap.put("/wx/auth/login", "anon");
        filterChainDefinitionMap.put("/wx/goods/**", "anon");
        filterChainDefinitionMap.put("/wx/cart/goodscount", "anon");
        filterChainDefinitionMap.put("/wx/brand/**", "anon");
        filterChainDefinitionMap.put("/wx/catalog/**", "anon");
        filterChainDefinitionMap.put("/wx/search/**", "anon");
        filterChainDefinitionMap.put("/wx/topic/**", "anon");
        filterChainDefinitionMap.put("/wx/comment/count", "anon");
        filterChainDefinitionMap.put("/wx/comment/list", "anon");
        filterChainDefinitionMap.put("/wx/home/index", "anon");
        filterChainDefinitionMap.put("/wx/storage/upload", "anon");
        filterChainDefinitionMap.put("/wx/**", "authc");

        shiroFilterFactoryBean.setFilterChainDefinitionMap(filterChainDefinitionMap);
        shiroFilterFactoryBean.setLoginUrl("/wx/auth/noAuthc");
        return shiroFilterFactoryBean;
    }

    /**
     * SecurityManager-->
     * Authenticator  可有可无的
     * Authorizer  同上
     * Realms
     * SessionManager
     */
    @Bean
    public DefaultWebSecurityManager securityManager(CustomRealm realm, WxRealm wxRealm,
                                                     DefaultWebSessionManager sessionManager) {
        DefaultWebSecurityManager securityManager = new DefaultWebSecurityManager();
        //给SecurityManager、默认的认证器、默认的授权器都设置了Realms
        securityManager.setRealms(Arrays.asList(realm, wxRealm));
        securityManager.setSessionManager(sessionManager);
        return securityManager;

//        DefaultWebSecurityManager securityManager = new DefaultWebSecurityManager();
//        // 设置认证器，如果没有设置，则采用默认的认证器 → ModularRealmAuthenticator
//        // 多账号管理体系 → 设置自定义的认证器
//        //securityManager.setAuthenticator();
//        // 设置授权器，如果没有设置，则采用默认的授权器 → ModularRealmAuthorizer
//        //securityManager.setAuthorizer();
//        // 给SecurityManager设置Realm信息 → 给默认的认证器和授权器设置Realm信息
//        securityManager.setRealm(customRealm);
//        //如果是多个realm，则使用setRealms方法
//        //securityManager.setRealms();
//
//        //securityManager.setSessionManager(shiroSessionManager);
//        return securityManager;
    }
    /**
     * Realm extends AuthorizingRealm
     * 可以用下面的，也可以直接增加@component注册为容器中的组件
     *
     */
//    @Bean
//    public AuthorizingRealm realm(){
//        return new CustomRealm();
//    }

    /**
     * SessionManger
     * 选择Shiro提供的，看包
     */
    @Bean
    public DefaultWebSessionManager sessionManager() {

        return new MarketSessionManager();
    }

    // 用到AspectJ → 使用注解的方式，将权限和url绑定起来
    @Bean
    public AuthorizationAttributeSourceAdvisor authorizationAttributeSourceAdvisor(DefaultWebSecurityManager securityManager) {
        AuthorizationAttributeSourceAdvisor authorizationAttributeSourceAdvisor = new AuthorizationAttributeSourceAdvisor();
        authorizationAttributeSourceAdvisor.setSecurityManager(securityManager);
        return authorizationAttributeSourceAdvisor;
    }
}

